You want to use Perfmon to monitor the
performance of Active Directory.
There are several Perfmon counters that can be very valuable for
monitoring and troubleshooting Active Directory. The NTDS performance
object has counters for address book lookups, inbound and outbound
replication, LDAP reads, writes and searches, Kerberos
authentication, and the Security Account Manager (SAM).
Here is a list of some of the most useful NTDS counters.
I've also included their Perfmon explanation, which
you can view by clicking on the Explain button in the Add Counters
dialog box.
- DRA Inbound Bytes Total/sec
-
Shows the total number of bytes replicated in. It is the sum of the
number of uncompressed bytes (never compressed) and the number of
compressed bytes (after compression).
- DRA Inbound Objects/sec
-
Shows the number of objects received from neighbors through inbound
replication. A neighbor is a domain controller from which the local
domain controller replicates locally.
- DRA Inbound Values Total/sec
-
Shows the total number of object property values received from
inbound replication partners. Each inbound object has one or more
properties, and each property has zero or more values. Zero values
indicates property removal.
- DRA Outbound Bytes Total/sec
-
Shows the total number of bytes replicated out. It is the sum of the
number of uncompressed bytes (never compressed) and the number of
compressed bytes (after compression).
- DRA Outbound Objects/sec
-
Shows the number of objects replicated out.
- DRA Outbound Values Total/sec
-
Shows the number of object property values sent to outbound
replication partners.
- DRA Pending Replication Synchronizations
-
Shows the number of directory synchronizations that are queued for
this server, but not yet processed.
- DS Client Binds/sec
-
Shows the number of Ntdsapi.dll binds per second serviced by this DC.
- DS Directory Reads/sec
-
Shows the number of directory reads per second.
- DS Directory Searches/sec
-
Shows the number of directory searches per second.
- DS Directory Writes/sec
-
Shows the number of directory writes per second.
- KDC AS Requests
-
Shows the number of Authentication Server (AS) requests serviced by
the Kerberos Key Distribution Center (KDC) per second. AS requests
are used by client to obtain a ticket-granting ticket.
- KDC TGS Requests
-
Shows the number of Ticket Granting Server (TGS) requests serviced by
the KDC per second. TGS requests are used by the client to obtain a
ticket to a resource.
- Kerberos Authentications
-
Shows the number of times per second that clients use a ticket to
this DC to authenticate to this DC.
- LDAP Bind Time
-
Shows the time, in milliseconds, taken for the last successful LDAP
bind.
- LDAP Client Sessions
-
Shows the number of currently connected LDAP client sessions.
- LDAP Searches
-
Shows the percentage of directory searches coming from LDAP.
- LDAP Searches/sec
-
Shows the rate at which LDAP clients perform search operations.
- LDAP Successful Binds
-
Shows the percentage of LDAP bind attempts that are successful.
- LDAP Successful Binds/sec
-
Shows the number of LDAP binds per second.
- LDAP Writes
-
Shows the percentage of directory writes coming from LDAP.
- LDAP Writes/sec
-
Shows the rate at which LDAP clients perform write operations.